Re: simple log in

Posted 04 December 2010 - 09:04 PM

For a more advanced encryption I would check out how to salt a password with various tokens including the standard sha1 hash. You could do something like this:

//assuming that $password is retrieved through post.
// when registering a user you can always generate a
// random key that is stored in the database for said
// user and query the key where username is the username
// gathered from post.
$key1 = '1kj4232kjas';
$key2 = 'a8d7asj2k41';
$password = sha1($key1.$password.$key2);
//then check the database for the password.

Re: simple log in

To encrypt the password before its entered into your database, you will do this with your MySql insert statement using the php PASSWORD() funciton when it is entered

$query = INSERT into users VALUES ('$userid', PASSWORD('$password'));

This encrypts the password into a 41 byte hexadecimal value. (Create the password field as a 41 char text)

For the sake of the OP, I must point out that the above is not correct. MD5 is not encryption, it's a hash. If MD5 were encryption, then you would be able to decrypt the MD5 output back into the original value. The MD5 function (on any platform) will provide a 32 bit value of whatever is passed into it. This can be a string, a file, or pages & pages of text.

MD5 is one way. Encryption is two way. With MD5 you can't reverse the output.

Re: simple log in

Posted 04 December 2010 - 09:32 PM

@no2pencil Nothing about the code I posted is incorrect. You are right PASSWORD() is not a php function it is a MySQL function, I should of been more specific. The code I posted will correctly encrypt and decrypt data sent to and from the database and it stores like I said above. I never mentioned MD5 in any of my posts, maybe I misunderstood the OP